Vulnerabilities > Commvault
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-13 | CVE-2021-34993 | Improper Authentication vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. | 7.5 |
| 2022-01-13 | CVE-2021-34994 | Code Injection vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. | 8.8 |
| 2022-01-13 | CVE-2021-34995 | Unrestricted Upload of File with Dangerous Type vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. | 6.5 |
| 2022-01-13 | CVE-2021-34996 | Unspecified vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. | 9.0 |
| 2022-01-13 | CVE-2021-34997 | Unrestricted Upload of File with Dangerous Type vulnerability in Commvault Commcell 11.22.22 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. | 6.5 |
| 2020-10-29 | CVE-2020-25780 | Path Traversal vulnerability in Commvault Commcell In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. | 5.0 |
| 2018-01-19 | CVE-2017-18044 | OS Command Injection vulnerability in Commvault 11.0 A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. | 10.0 |
| 2017-12-16 | CVE-2017-3195 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Commvault Edge 11.0.0 Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. | 10.0 |
| 2015-11-04 | CVE-2015-7253 | OS Command Injection vulnerability in Commvault Edge Server 10 The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | 10.0 |